Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.1.4 Ensure hfsplus kernel module is not availableCIS Amazon Linux 2 v3.0.0 L1Unix

CONFIGURATION MANAGEMENT

1.1.1.8 Ensure usb-storage kernel module is not availableCIS Amazon Linux 2 v3.0.0 L1Unix

MEDIA PROTECTION

1.1.2.1.4 Ensure noexec option set on /tmp partitionCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.3.2 Ensure nodev option set on /home partitionCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.5.2 Ensure nodev option set on /var/tmp partitionCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.5.4 Ensure noexec option set on /var/tmp partitionCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.6.3 Ensure nosuid option set on /var/log partitionCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.7.3 Ensure nosuid option set on /var/log/audit partitionCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.7.4 Ensure noexec option set on /var/log/audit partitionCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

1.2.1 Ensure GPG keys are configuredCIS Amazon Linux 2 v3.0.0 L1Unix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.4.2 Ensure ptrace_scope is restrictedCIS Amazon Linux 2 v3.0.0 L1Unix

CONFIGURATION MANAGEMENT

1.5.1.4 Ensure the SELinux mode is not disabledCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

1.5.1.7 Ensure the MCS Translation Service (mcstrans) is not installedCIS Amazon Linux 2 v3.0.0 L1Unix

CONFIGURATION MANAGEMENT

1.6.5 Ensure access to /etc/issue is configuredCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

2.1.2 Ensure chrony is configuredCIS Amazon Linux 2 v3.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

2.2.2 Ensure avahi daemon services are not in useCIS Amazon Linux 2 v3.0.0 L1Unix

CONFIGURATION MANAGEMENT

2.2.5 Ensure dnsmasq services are not in useCIS Amazon Linux 2 v3.0.0 L1Unix

CONFIGURATION MANAGEMENT

2.2.12 Ensure rpcbind services are not in useCIS Amazon Linux 2 v3.0.0 L1Unix

CONFIGURATION MANAGEMENT

2.2.14 Ensure snmp services are not in useCIS Amazon Linux 2 v3.0.0 L1Unix

CONFIGURATION MANAGEMENT

2.2.15 Ensure telnet server services are not in useCIS Amazon Linux 2 v3.0.0 L1Unix

CONFIGURATION MANAGEMENT

2.2.16 Ensure tftp server services are not in useCIS Amazon Linux 2 v3.0.0 L1Unix

CONFIGURATION MANAGEMENT

2.2.22 Ensure only approved services are listening on a network interfaceCIS Amazon Linux 2 v3.0.0 L1Unix

CONFIGURATION MANAGEMENT

2.3.4 Ensure telnet client is not installedCIS Amazon Linux 2 v3.0.0 L1Unix

CONFIGURATION MANAGEMENT

3.1.1 Ensure IPv6 status is identifiedCIS Amazon Linux 2 v3.0.0 L1Unix

CONFIGURATION MANAGEMENT

3.1.2 Ensure wireless interfaces are disabledCIS Amazon Linux 2 v3.0.0 L1Unix

CONFIGURATION MANAGEMENT

3.3.9 Ensure suspicious packets are loggedCIS Amazon Linux 2 v3.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

3.4.3.3 Ensure an nftables table existsCIS Amazon Linux 2 v3.0.0 L1Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.3.6 Ensure nftables outbound and established connections are configuredCIS Amazon Linux 2 v3.0.0 L1Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.3.9 Ensure nftables rules are permanentCIS Amazon Linux 2 v3.0.0 L1Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.4.3.4 Ensure ip6tables default deny firewall policyCIS Amazon Linux 2 v3.0.0 L1Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.4.3.5 Ensure ip6tables rules are savedCIS Amazon Linux 2 v3.0.0 L1Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.2.1 Ensure at is restricted to authorized usersCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

4.2.5 Ensure sshd Banner is configuredCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL

4.2.7 Ensure sshd ClientAliveInterval and ClientAliveCountMax are configuredCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL

4.2.12 Ensure sshd KexAlgorithms is configuredCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.19 Ensure sshd PermitEmptyPasswords is disabledCIS Amazon Linux 2 v3.0.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

4.3.2 Ensure sudo commands use ptyCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL

4.3.5 Ensure re-authentication for privilege escalation is not disabled globallyCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL

4.4.1.2 Ensure libpwquality is installedCIS Amazon Linux 2 v3.0.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

5.2.3 Ensure permissions on SSH private host key files are configuredCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.2.7 Ensure SSH MaxAuthTries is set to 4 or lessCIS Aliyun Linux 2 L1 v1.0.0Unix

ACCESS CONTROL

5.3.1 Ensure password creation requirements are configured - dcreditCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

5.3.1 Ensure password creation requirements are configured - passwd-auth retryCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth [default=die] pam_faillock.so'CIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.4.1.3 Ensure password expiration warning days is 7 or more - login.defsCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

5.4.1.3 Ensure password expiration warning days is 7 or more - usersCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

6.1.3 Ensure permissions on /etc/shadow are configuredCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

6.1.6 Ensure permissions on /etc/passwd- are configuredCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

6.1.10 Ensure no world writable files existCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

6.2.14 Ensure no users have .rhosts filesCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION